Data Privacy and Protection Notice
Pinner Risk Solutions Ltd (PRS) strongly believe in protecting your privacy and the confidentiality of your Personal Information. This Policy explains how PRS collects, uses, protects, stores and shares this information that is collectively referred to as “Data”. You should understand that Personal Information is any combination of information, either in our possession, or likely to come into our possession, that can be used to identify, contact, or locate any individual person. Any such information will be treated as Personal Information and dealt with in accordance with this Policy.
Who are we, and who to contact?
This notice is produced by Pinner Risk Solutions Ltd, Ground Floor, College House, 17 King Edwards Road, Ruislip, Middlesex HA4 7AE. Tel: 01895 675758. We are the Data Controller and, in some cases, also the Data Processor. If you have any queries about this Policy or the use of your Data you should contact us.
What are the purposes for processing of your Personal Information (Data)?
PRS is an Insurance Intermediary. We need to obtain Personal Information from you and any other parties that may be involved in those arrangements for the following reasons:
- To correspond with you,
- To provide insurance quotations to you,
- To arrange policies,
- To collect, process and administer premiums, including arranging premium financing,
- To provide ongoing administration of your insurance policies,
- To assist in any subsequent claims.
- To fulfil our legal requirements to protect against fraud and other illegal activities,
- To meet our Regulatory requirements,
- To promote our business and the services we offer to you, whilst an existing client and to prospective and former clients. Former clients may opt out from any marketing by telling us.
What is the Legal Basis for PRS’ processing your Personal Information?
The Law provides a number of legal bases for our processing;
For Purposes 1 – 6 of the above section the Legal Basis is Article 6 (1) (b) of the General Data Protection Regulations, namely that “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
For Purposes 7 – 8 of the above section the Legal Basis is Article 6 (1) (c) of the General Data Protection Regulations, namely that “processing is necessary for compliance with a legal obligation to which the controller is subject.”
For Purpose 9 of the above section the Legal Basis is Article 6 (1) (f) of the General Data Protection Regulations, namely that “processing is necessary for the purposes of the legitimate interests pursued by the controller. . .” Where we use this Legal Basis our legitimate interests are that in promoting our business we are seeking to expand our business and/or increase our profitability. There are other safeguards relating to this legal basis with which we have to comply in order to use the basis legally.
Special Category Data and Criminal Offence Data
For Purposes 1 – 6, and in some cases for purposes 7 – 8, we may ask you for certain information that is more intrusive. These types of information are termed either “Special Category Data”; or “Criminal Offence Data”. We will only seek this type of data from you where it is necessary in order to provide a relevant insurance quotation or continue to administer your Policy(ies).
Special Category Data would include, for example, health data required in connection with, say, a Motor or Travel Policy. Criminal Offence Data such as driving, or other convictions, is relevant to a number of types of Policy that could affect you.
We are permitted to process such data for Insurance purposes where it is “necessary for an insurance purpose” and for reasons of “substantial public interest”. The Information Commissioner’s Office has indicated that our processing in these circumstances and for these purposes would be legal, subject to the safeguards set out in the Data Protection Bill.
Who we might release your data to?
- To prospective Insurers to obtain quotations
- To other Brokers operating Insurance Schemes that may benefit you in finding the most appropriate Policy
- To Finance Houses where you ask us to arrange Premium Finance
- To our Regulator, the Financial Conduct Authority, where we are required to do so
- To Government organisations where we are required to such as the Motor Insurance Database
- To the Police or other enforcement bodies where they have a legal right to receive the data
- To our Processor who provides the Technology platform we use to run our business so that your data can be processed efficiently
- To Loss Adjusters or Assessors where necessary in connection with any claims you may have
- To car hire firms where you are hiring a vehicle and have asked us to pass your details to them
- To our Professional advisers, Solicitors, Compliance professionals and similar organisations
- To any third party that purchases, or to which we transfer, all or substantially all of our assets and business
Will we pass your data overseas?
No, but it is possible that some Insurers may do but they will provide details in their Privacy Notice.
How long will we keep your data?
We will keep your data on our systems for 6 years after you cease to be a Client of ours. This is because there may be claims that occur after your Policy ceases that we might need to be involved in. In addition, our Regulator may wish us to contact you for example if we have mis-sold a Policy and need to contact you to make amends.
What Rights does the Law provide for you?
- You have the right to be informed of what we do with Data. This Notice covers the information you need
- You have the right to access your personal data so that you can check that we are handling it legally and that it is correct
- You have a right to ask us to correct erroneous data and add supplementary information if it is appropriate
- You have the right to ask us to erase all your data. This will apply if we are using Legitimate Interests as our Legal Basis or if we are using it for Direct Marketing. Most of the time this right will not apply as for almost all our insurance activities the Legal Basis we are using is that of Contract. However, if it does apply in your case you should be aware that we may have to cancel any Policies and advise your Insurer that they cannot process your data any more too so you may find that you have no cover.
- You have the right to ask us to restrict our processing. This may be because you are disputing the accuracy of your data and are waiting for us to rectify it under 3) above.
- You have a right to data portability. This requires us to transfer your data in a suitable format to whoever you wish us to. This right applies where we are processing under the legal basis of performing a contract. This is the usual basis we use to deal with your insurance arrangements.
- You have the right to object to our processing. This right particularly applies where we use your data to contact you after you cease to be a client and we are contacting you in a marketing context using Legitimate Interests as our Legal Basis.
- You have rights to find out more if automatic decision-making is used using you data. We do not do this but certain quotations from Insurers may use this. Their Privacy Notice may give more details.
- If, at any time we specifically ask you to give your consent to us processing your data, you have a right to withdraw such consent. We do not usually use Consent as our Legal Basis for processing so this is unlikely to apply.
- If you are dissatisfied with how we treat your data and we do not take measures that in your view do not put the matter right, you have the right to complain to a supervisory body. You can complain to the Information Commissioners Office https://ico.org.uk/.
Where does your data come from?
Generally, you provide data to us so that we can carry out your instructions. In some cases where we carry out marketing activities we may obtain your data from membership lists (if we are also a member) or from other publicly available sources or searches that we have undertaken in relation to sanctions, money laundering and credit checks.
What happens if you decide not to give us the data we ask for?
If you decide not to give us data we ask for and we need that data to fulfil the request you are making, then usually we will be unable to continue to act on your behalf.
How do we store and transmit your data?
Your data resides in our computerised Broker Administration system and is protected at all times by both us and our Processor. We may use a variety of methods to transmit your data but will always try to ensure that is remains confidential and safe.
Version 1 Apr 2018